NTP BUG 3012: Sybil vulnerability: ephemeral association attack
Last update: February 15, 2022 20:59 UTC (43fbd379b)
ntpd can be vulnerable to Sybil attacks. If a system is set up to use a trustedkey and if one is not using the feature introduced in ntp-4.2.8p6 allowing an optional 4th field in the
ntp.keys file to specify which IPs can serve time, a malicious authenticated peer – i.e. one where the attacker knows the private symmetric key – can create arbitrarily-many ephemeral associations in order to win the clock selection of
ntpd and modify a victim’s clock.
- Implement BCP-38.
- Use the 4th argument in the
ntp.keys file to limit the IPs that can be time servers.
- Properly monitor your
This weakness was discovered by Matthew Van Gundy of Cisco ASIG.